Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/3y3U3qwdmO2kk7QDF8OpeEvGmYk.roa
File:                     3y3U3qwdmO2kk7QDF8OpeEvGmYk.roa (raw, json)
Hash identifier:          SYsIHbZxcsCIobtYof4JiLY0CTjM81pe5pDZopAZEhE=
Subject key identifier:   DF:2D:D4:DE:AC:1D:98:ED:A4:93:B4:03:17:C3:A9:78:4B:C6:99:89
Certificate issuer:       /CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
Certificate serial:       0196B92B62CEC554960531871496559B97CC
Authority key identifier: 1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/3y3U3qwdmO2kk7QDF8OpeEvGmYk.roa
Signing time:             Sat 10 May 2025 07:49:10 +0000
ROA not before:           Sat 10 May 2025 07:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        89.18.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b9:2b:62:ce:c5:54:96:05:31:87:14:96:55:9b:97:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
        Validity
            Not Before: May 10 07:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df2dd4deac1d98eda493b40317c3a9784bc69989
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:38:71:73:38:5b:67:f1:e1:f2:93:bc:d0:d2:
                    21:de:7a:ac:dc:3b:26:f2:1f:e3:da:96:6f:19:0b:
                    de:8d:58:34:b9:f5:3b:03:1f:08:92:68:4b:41:2e:
                    41:8c:08:15:0a:c1:a9:98:b5:c0:78:25:a5:d2:45:
                    75:83:c1:47:e7:ce:0d:93:f6:66:ce:f0:1c:47:19:
                    f3:a0:f7:81:da:40:c9:d0:c5:36:74:7d:9e:1b:e9:
                    8c:97:cf:32:ba:fa:a2:83:b1:c1:70:d7:a7:0e:3d:
                    65:32:92:05:2e:3e:e7:6c:81:f8:f5:93:92:54:ef:
                    15:53:69:a4:11:cc:c1:df:fb:9e:b3:c3:17:13:17:
                    79:ca:c3:94:c9:22:d4:9c:b3:2b:e1:cd:31:ef:82:
                    09:98:5b:59:82:0e:cc:97:24:f2:c4:2e:53:81:e7:
                    98:81:94:0d:a5:52:24:df:0a:28:a8:18:05:04:68:
                    51:9d:bc:bc:89:15:3f:40:fd:7d:45:4d:ab:e4:75:
                    82:97:bf:06:4f:1d:aa:9d:a4:00:13:95:89:6b:1b:
                    3d:f1:bd:18:d8:98:c6:c8:f9:47:a3:fd:f9:29:32:
                    39:f8:34:4b:9d:ba:95:68:23:c1:0b:f7:17:be:8f:
                    e6:ef:56:c7:08:19:2c:20:62:1b:24:de:b5:df:0f:
                    5a:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:2D:D4:DE:AC:1D:98:ED:A4:93:B4:03:17:C3:A9:78:4B:C6:99:89
            X509v3 Authority Key Identifier:
                keyid:1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/3y3U3qwdmO2kk7QDF8OpeEvGmYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.18.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bb:22:5a:69:97:54:31:34:ec:6f:10:88:ff:ed:65:4f:21:c5:
         bf:2e:05:75:87:19:3b:1a:f4:41:d1:9e:b8:b7:03:f5:6e:37:
         0e:b9:c9:d2:22:cc:ac:3d:f0:56:67:a0:fc:e1:af:22:c7:bc:
         37:37:39:b8:19:39:1c:f3:03:49:aa:82:a8:7a:fd:42:00:8b:
         a2:2a:70:f6:60:ce:dc:58:2f:b2:c6:fb:1a:1a:7b:9f:ed:47:
         37:9a:21:11:62:40:11:df:cf:b7:ae:c7:50:fe:7a:bf:18:0f:
         36:f6:02:ca:10:3b:b0:fb:7c:11:aa:f2:b3:90:70:e7:07:c0:
         1f:f1:10:63:cf:ea:f0:03:88:c7:3c:61:82:75:89:e0:b4:42:
         06:fc:92:6f:ac:b2:8a:d8:f5:52:01:25:47:34:c1:aa:01:32:
         d9:5f:31:4b:d8:51:3b:8c:5f:9b:9f:9f:81:21:b4:8b:9a:a9:
         a8:35:b6:9e:16:3f:5e:64:3d:78:8e:d7:dc:ca:dc:e8:ab:cb:
         ee:1c:81:1b:1c:06:4c:54:44:67:52:9a:c0:58:bc:42:9a:5a:
         21:28:ef:b6:d8:6a:a4:fb:75:57:6e:ee:d2:c5:78:e5:b8:d8:
         92:f7:f8:54:e7:c6:bf:51:e2:0b:f3:66:c2:53:94:86:cd:98:
         d5:25:a3:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZa5K2LOxVSWBTGHFJZVm5fMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMWUyZWFhZWYwNzAxNTk1YWMyNzU0ZDAxMjEyMTdlN2I5
MWQ3MzkwHhcNMjUwNTEwMDc0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjJkZDRkZWFjMWQ5OGVkYTQ5M2I0MDMxN2MzYTk3ODRiYzY5OTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzhxczhbZ/Hh8pO80NIh3nqs3Dsm
8h/j2pZvGQvejVg0ufU7Ax8IkmhLQS5BjAgVCsGpmLXAeCWl0kV1g8FH584Nk/Zm
zvAcRxnzoPeB2kDJ0MU2dH2eG+mMl88yuvqig7HBcNenDj1lMpIFLj7nbIH49ZOS
VO8VU2mkEczB3/ues8MXExd5ysOUySLUnLMr4c0x74IJmFtZgg7MlyTyxC5TgeeY
gZQNpVIk3wooqBgFBGhRnby8iRU/QP19RU2r5HWCl78GTx2qnaQAE5WJaxs98b0Y
2JjGyPlHo/35KTI5+DRLnbqVaCPBC/cXvo/m71bHCBksIGIbJN613w9aRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN8t1N6sHZjtpJO0AxfDqXhLxpmJMB8GA1UdIwQY
MBaAFB8eLqrvBwFZWsJ1TQEhIX57kdc5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMt
MmIzNGI4NDMzYmI1LzEvM3kzVTNxd2RtTzJrazdRREY4T3BlRXZHbVlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMtMmIzNGI4NDMzYmI1
LzEvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWRI4MA0G
CSqGSIb3DQEBCwUAA4IBAQC7Ilppl1QxNOxvEIj/7WVPIcW/LgV1hxk7GvRB0Z64
twP1bjcOucnSIsysPfBWZ6D84a8ix7w3Nzm4GTkc8wNJqoKoev1CAIuiKnD2YM7c
WC+yxvsaGnuf7Uc3miERYkAR38+3rsdQ/nq/GA829gLKEDuw+3wRqvKzkHDnB8Af
8RBjz+rwA4jHPGGCdYngtEIG/JJvrLKK2PVSASVHNMGqATLZXzFL2FE7jF+bn5+B
IbSLmqmoNbaeFj9eZD14jtfcytzoq8vuHIEbHAZMVERnUprAWLxCmlohKO+22Gqk
+3VXbu7SxXjluNiS9/hU58a/UeIL82bCU5SGzZjVJaO0
-----END CERTIFICATE-----